Hi there, just a FYI I just received this: http://pastebin.com/m54006b68
420K in size - standard configuration of SA wouldn't have even run over this message. Also the inline image is too large for FuzzyOCR to trigger - I would guess FuzzyOCR has the (screen) size limit as a mechanism to reduce FPs. Anyway, if you increase focr_max_height/focr_max_width then FuzzyOCR grabs the text out just fine - and it looks like your standard "you're a w...r!" scam. This is the sort of thing that always worried me. As spammer don't care about the load their apps put on stolen PCs, they can just increase the size of their email formats until antispam tools start to break. Speaking of image/rtf/word attachment spam; is there any work going on to standardize this so that the textual output of such attachments could be fed back into SA? -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
